Enabling Reauthenticated Approvals
You can configure access requests to require approvers to reauthenticate when they approve sensitive or regulated access items. The system requires approvers to provide a comment that describes the business justification for the access, then directs them to the SSO reauthentication. The decision is recorded as an authenticated approval to fulfill your security requirements.
Note
The reviewer can choose to deny or reassign the request without having to reauthenticate.
Prerequisites
For reauthenticated approvals to be available in your organization:
-
Enable SSO on your tenant.
-
Enable reauthenticated approvals in your tenant using the Update Access Request Configuration API with the
reauthorizationEnabled
attribute.
Configuring Reauthenticated Approvals for an Access Item
-
Go to Admin > Access Model > [Roles / Access Profiles / Entitlement] and edit any access item.
-
Select the Reauthentication tab.
-
Select Require Approval Reauthentication.
-
Select Save.
Note
The audit record for the approval captures the reauthentication, including the approver, date/time of approval, comment, and reauthentication token. Use Search or one of its pre-built audit reports to review the approval audit.
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.